Verify that your VMware appliance host machines deny IPv4 forwarding.
About this task
If the system is configured for IP forwarding and is not a designated router, attackers could use it to bypass network security by providing a path for communication not filtered by network devices. Configure your virtual appliance host machines to deny IPv4 forwarding to avoid this risk.
- Run the cat /proc/sys/net/ipv4/ip_forward command (as root; the # shown in the prompt is not part of the command) on each VMware appliance host machine to confirm that it denies IPv4 forwarding.
If a host machine is configured to deny IPv4 forwarding, this command returns a value of 0. A value of 1 means the kernel is currently forwarding IPv4 packets between interfaces. If the host machines return 0, no further action is necessary.
- To configure a virtual appliance host machine to deny IPv4 forwarding, open the /etc/sysctl.conf file in a text editor.
- Locate the entry that reads net.ipv4.ip_forward=0. If the value of this entry is not 0, or if the entry does not exist, update the existing entry or add it accordingly. A line that begins with # is a comment and does not set anything; either remove the # or add a new uncommented line.
- Save any changes and close the file. The file is read at the next boot; to apply the setting immediately, run sysctl -w net.ipv4.ip_forward=0 (or sysctl -p to reload /etc/sysctl.conf), then repeat the cat /proc/sys/net/ipv4/ip_forward check and confirm that it returns 0. If the appliance also reads files in /etc/sysctl.d, make sure no file there sets net.ipv4.ip_forward back to 1, because a later file would override your entry.
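The procedure above, audit followed by remediation, as an added POSIX shell script (this is an example written for this page, not a script shipped with the VMware appliance). The file paths are parameters with the real kernel and sysctl locations as defaults, so the functions can be exercised against copies before they are pointed at a live host; the script name ip_forward_check.sh and the audit/apply sub-commands are this example's own conventions.

```shell
#!/bin/sh
# ip_forward_check.sh: audit and remediate IPv4 forwarding on an appliance host.
# Added example for this page, not product code. Run "ip_forward_check.sh audit"
# to check only, "ip_forward_check.sh apply" (as root) to fix and apply at once.

PROC_IP_FORWARD="${PROC_IP_FORWARD:-/proc/sys/net/ipv4/ip_forward}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"

# check_ip_forward [FILE]: return 0 when the running kernel value is 0 (forwarding
# denied); return 1 when it is anything else or the file cannot be read.
check_ip_forward() {
    file="${1:-$PROC_IP_FORWARD}"
    [ -r "$file" ] || return 1
    val="$(cat "$file" 2>/dev/null)"
    [ "$val" = "0" ]
}

# sysctl_entry_value [FILE]: print the value of the last active (uncommented)
# net.ipv4.ip_forward line, which is the one sysctl applies, or "missing".
sysctl_entry_value() {
    conf="${1:-$SYSCTL_CONF}"
    v="$(grep -E '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$conf" 2>/dev/null \
         | tail -n 1 | sed -E 's/.*=[[:space:]]*//; s/[[:space:]]*$//')"
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'missing\n'; fi
}

# ensure_sysctl_entry [FILE]: make FILE carry an active "net.ipv4.ip_forward = 0"
# line. An existing uncommented entry (any spacing, any value) is rewritten in
# place; commented-out lines are left alone; if no entry exists one is appended.
ensure_sysctl_entry() {
    conf="${1:-$SYSCTL_CONF}"
    tmp="$conf.tmp.$$"
    [ -f "$conf" ] || : > "$conf"
    if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$conf"; then
        sed -E 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward = 0/' \
            "$conf" > "$tmp" && mv "$tmp" "$conf"
    else
        printf 'net.ipv4.ip_forward = 0\n' >> "$conf"
    fi
}

# audit: report the live kernel value and the persisted value without changing anything.
audit() {
    if check_ip_forward; then
        echo "live: ip_forward=0 (forwarding denied)"
    else
        echo "live: ip_forward is not 0 or unreadable (forwarding may be enabled)"
    fi
    echo "persisted in $SYSCTL_CONF: $(sysctl_entry_value)"
}

# apply: persist the setting, apply it now, and re-verify against /proc.
apply() {
    ensure_sysctl_entry "$SYSCTL_CONF"
    sysctl -w net.ipv4.ip_forward=0 >/dev/null   # takes effect immediately; the file covers reboot
    check_ip_forward && echo "verified: ip_forward=0" || { echo "ERROR: ip_forward still not 0"; return 1; }
}

# Nothing runs unless a sub-command is given, so sourcing the file is side-effect free.
case "${1:-}" in
    audit) audit ;;
    apply) apply ;;
esac
```

The audit mode reports both the live value and the persisted value because they can disagree: a host that was fixed with sysctl -w but never had the file updated reverts to forwarding at the next boot, and a host with the file set but no reload is still forwarding right now.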